When shopping for an MSSP, there are a variety of different options to consider. While this can be overwhelming, it can also be an advantage. With a variety of different offerings available, the odds are high that you will be able to find a provider that is right for your organization. During the evaluation process, many organizations have a long shopping list of features or guarantees that they are looking for. One important, but often overlooked, feature is the actual size of the MSSP.
An MSSP that is too large or too small can be the wrong fit for your needs. If you want a more personal relationship with your MSSP provider, partnering with any massive organization often means a loss of a personal relationship. Picking too small of an organization, on the other hand, could leave you looking for a new service provider next year once they go out of business. Like with any other partnership, it’s important to consider the pros and cons and go with a partner that’s “just right”.
Large MSSPs typically become large MSSPs by knowing how to do their jobs. Despite the cybersecurity skills shortage, they typically have the funding and reputation necessary to buy the latest tools and attract the cybersecurity talent needed to do their job. However, gaining access to this talent may be more of a problem.
The reason is that large MSSPs have lots of customers, and, in order to serve them all, need to operate efficiently. This typically means setting up a hierarchy of customer support, where most service tickets are managed by less-skilled employees, and, if they can’t solve a problem, it’s passed up the chain.
While this can be good for the MSSP, it can be frustrating for you and your organization. Anyone who has interacted with a customer support to get a problem solved knows the frustration of explaining their problem again and again only to hear that this person can’t help you but will connect you to someone who can. In the world of cybersecurity, where it only takes 19 minutes for some attackers to move laterally from one computer to another in your network, this time spent “on hold” can result in significant damage and expense to your organization.
With a small MSSP, you typically can achieve a much closer personal relationship with your service provider. This can be a huge asset, since the ability to “pick the brain” of a cybersecurity professional can make a massive difference in your ability to secure your network or understand what is going on. In general, a smaller MSSP provides excellent service up-front, providing highly-personalized service when designing and deploying defenses for your network
However, these smaller MSSPs often don’t have the resources necessary to continue offering this level of service. Many of these small service providers have not had the opportunity or the resources necessary to invest in their technology stack and personnel. As a result, they may struggle with identifying a potential incident and may not have the necessary talent and processes in place to rapidly respond to an intrusion.
When looking for an MSSP, it is important to choose one that balances the resources of a large-scale MSSP with the personal touch of a smaller one. When evaluating a possible MSSP, ask about their security infrastructure, incident response policies and procedures, and the availability of their experts. A “right size” MSSP should have proven infrastructure capable of helping you to detect and rapidly respond to a potential incident, but also will connect you directly to someone who can help you with your issue, rather than forcing you to move through a tiered support system.